Date: Mon, 2 Aug 2010 21:19:28 +0000 From: Brandon Enright <bmenrigh@...d.edu> To: john-users@...ts.openwall.com Cc: solar@...nwall.com, bmenrigh@...d.edu Subject: Re: contest results -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 2 Aug 2010 09:35:54 +0400 Solar Designer <solar@...nwall.com> wrote: > Brandon - congrats to you and CrackHeads on what looks like your third > place: http://contest.korelogic.com/stats.html > > Apparently, we're 4th. Alexander, Thank you very much -- getting third is quite bittersweet -- I feel guilty for not having John in my name since 95% of my cracks were from John. I'm also disappointed that a bit of fire-and-forget GPU cracking of the NTLM hashes beat out both our team's hard work, adaptation, and innovation. The other member of my team to help with the cracking was a co-worker of mine, Tom Maddock (t2maddock@...d.edu). I am writing up my contest experience, strategy, thoughts, and suggestions right now. I should have the email done in a few hours. > > On Fri, Jul 30, 2010 at 03:06:46AM +0000, Brandon Enright wrote: > > ... I am going to compete in the > > contest and I'm not on the john-users team. If I had known a month > > ago there was interest I would have joined. Now that I have > > prepared for the contest I want to compete with my own team. > > This is understandable, although you could have just asked whether > there was interest a month ago. ;-) > > > As I told SD, no matter what team wins, I have little doubt that it > > will be a John-powered victory. > > This is now doubtful. The two winning teams, according to their > names, relied on closed-source software, although I suspect that they > were using John as well (and indeed John has indirectly contributed > to what those closed-source programs have become). Yes, this is quite sad. I was sure that with all of the other hashes besides NTLM in the competition that the GPU crackers would be very limited. With the volume of NTLM hashes though it seems all of our effort to crack the other hashes went to little use. > Brandon, Minga - I am working on a writeup right now with more detail. > I'd appreciate more info on what each team has been using/doing - > hardware (and cost incurred, if any), I used Amazon EC2 and spent $185. We also used 1700 (of 2000) donated CPU-hours on a large cluster with John + Magnum's MPI patch. > software (free or previously acquired, I suppose?), John (of course!), Matt Weir's "probabilistic cracker", some of my own code (hacked up but releasable), and I'm ashamed to admit, some oclHashcat. We didn't use oclHashcat very effectively though. > password cracking techniques, team management > (e.g., what separate roles?), how many team members (and how many of > them actually "active"), external contributions accepted (e.g., if > another team shared their passwords) and how much help they were > (e.g., 90% overlap with what the team already had), also info on > stuff used by those external contributors if known. I am willing to > provide this info on our team. I'll discuss this the above in my writeup. > Also, I am curious about cumulative scores for multiple teams - e.g., > what if CrackHeads and john-users joined (which did not happen) - > would we definitely be 2nd (hardly) or maybe not (which we can't know > for sure from mere analysis of the results now, which Kore may > perform, because if we acted as one team we'd actually crack more)? Yeah you read my mind on this. I would like to know too. We can't just sort -u our results because of the admin hashes but here are mine anyways: http://noh.ucsd.edu/~bmenrigh/crackheads.txt > What would the cumulative score be for all submissions, by all teams? > by the first two? by all except for the first two (if they all > joined, would they surpass the winners or maybe-not)? I would like to know this too. > > Thanks, > > Alexander Thanks for your comments, my writeup will follow in a few hours. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) iEYEARECAAYFAkxXNmgACgkQqaGPzAsl94IWjwCfXaDPFuM+bl53iVmQCL6HyvrM BSsAoJgpTUHVVH/E2cXx3ZzqNyUDnJWA =LDFO -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.